urllib3 vulnerabilities
Published: Wed, 03 Jun 2026 13:50
Summary
Several security issues were fixed in urllib3.
Details
It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-44431) It was discovered that urllib3 incorrectly handled decompression of specially crafted responses. A remote attacker could possibly use this issue to cause urllib3 to consume resources, leading to a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
python-urllib3→1.26.5-1~exp1ubuntu0.7apt_upgradeStandard apt upgrade. Install 1.26.5-1~exp1ubuntu0.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-urllib3→1.26.5-1~exp1ubuntu0.7apt_upgradeStandard apt upgrade. Install 1.26.5-1~exp1ubuntu0.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
python-urllib3→2.0.7-1ubuntu0.7apt_upgradeStandard apt upgrade. Install 2.0.7-1ubuntu0.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-urllib3→2.0.7-1ubuntu0.7apt_upgradeStandard apt upgrade. Install 2.0.7-1ubuntu0.7 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
python-urllib3→2.3.0-3ubuntu0.6apt_upgradeStandard apt upgrade. Install 2.3.0-3ubuntu0.6 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-urllib3→2.3.0-3ubuntu0.6apt_upgradeStandard apt upgrade. Install 2.3.0-3ubuntu0.6 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
python-urllib3→2.6.3-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 2.6.3-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
python3-urllib3→2.6.3-1ubuntu1.1apt_upgradeStandard apt upgrade. Install 2.6.3-1ubuntu1.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y python3-urllib3
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8379-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8379-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.